2 files changed, 6 insertions, 1 deletions

diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog
index fd44a6077d..ead623aefd 100644
--- a/src/appl/gssftp/ftpd/ChangeLog
+++ b/src/appl/gssftp/ftpd/ChangeLog
@@ -1,3 +1,8 @@
+Fri Mar 12 07:35:01 1999  Tom Yu  <tlyu@mit.edu>
+
+	* ftpd.c (user): Remove extra "%s" in call to sprintf() to avoid
+	dereferencing stack garbage.
+
 Mon Mar  8 23:47:51 1999  Tom Yu  <tlyu@mit.edu>
 
 	* ftpd.M: Resync with reality.
diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c
index 71709dceae..f880734a5e 100644
--- a/src/appl/gssftp/ftpd/ftpd.c
+++ b/src/appl/gssftp/ftpd/ftpd.c
@@ -765,7 +765,7 @@ user(name)
 #ifdef KRB5_KRB4_COMPAT
 		if (auth_type && strcmp(auth_type, "KERBEROS_V4") == 0) {
 			authorized = kuserok(&kdata,name) == 0;
-			sprintf(buf, "Kerberos user %s%s%s@%s is%s authorized as %s%s",
+			sprintf(buf, "Kerberos user %s%s%s@%s is%s authorized as %s",
 				kdata.pname, *kdata.pinst ? "." : "",
 				kdata.pinst, kdata.prealm,
 				authorized ? "" : " not", name);